This month we issued 623 advisories covering 91 unique vendors, 406 products and 512 unique versions, plus 107 rejected advisories. That is a 40% increase in advisories over the previous month.
Zero-day vulnerabilities were reported in Mozilla Firefox, and three Extremely Critical advisories were issued for Microsoft operating systems.
Red Hat kept its position as the top vendor by number of vulnerabilities, and Microsoft held its 6th position.
Kinsing and Loncom are the most prevalent malware, mainly affecting open-source operating systems and Mozilla Firefox.
Two zero-day vulnerabilities, CVE-2020-6819 and CVE-2020-6820, were reported in Mozilla Firefox 68.x and 74.x. Both are linked to malware and cyber exploits and are used in penetration testing tools.
Three Extremely Critical advisories were issued for each set of Microsoft operating systems as part of Patch Tuesday. All of them had a positive threat score, meaning they were linked to malware and cyber exploits.
The graph below shows the average criticality per vendor (5 being the highest criticality), sorted by the number of advisories.
Secunia Advisory criticalities are further explained at this link.
If we remove the rejected advisories, the criticality spread looks as shown below.
65% of the vulnerabilities can be exploited remotely, which makes remediation even more critical.
A CVSS score is a metric used to measure the severity of a vulnerability. The CVSS v3 specification and criteria are available at this link.
Here we rank the vendors by the average CVSS score of the vulnerabilities reported in their advisories.
The criteria for Threat Score calculation is outlined at this link.
17 instances of Kinsing and Loncom linked to CVE-2020-6819 in Oracle, Red Hat Linux, SUSE, CentOS, Fedora, and Mozilla Firefox and Thunderbird.
4 instances of SafeStrip (fake antivirus), Snatch ransomware, Mdrop, and Xhelper (adware) in CentOS, Oracle Linux, and Red Hat linked to CVE-2019-17666.
The number of advisories is increasing steadily month over month, a 67% increase since February 2020. Zero-day and Extremely Critical vulnerabilities should be patched on an emergency basis and shouldn't wait for a regular patch cycle.
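The per-vendor averages, the criticality spread with and without rejected advisories, the remotely-exploitable share, and the "patch on an emergency basis" rule above are all simple aggregations over an advisory feed. The script below is an added example, not Flexera's code or data: it shows how a team consuming such a feed could reproduce those figures for its own inventory and split advisories into patch tiers. The `Advisory` record, the vendor names and every value in `SAMPLE` are constructed for illustration; the tier rule (zero-day or criticality 5 first, then anything with a positive threat score, then remotely exploitable items) is one reasonable reading of the report's guidance, not an official Flexera scheme.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Advisory:
    """One advisory as a consuming team might store it (hypothetical schema)."""
    advisory_id: str
    vendor: str
    criticality: int      # 1..5, 5 = Extremely Critical
    cvss: float           # CVSS v3 base score
    threat_score: int     # > 0 means linked to known malware / exploits
    remote: bool          # exploitable from remote
    zero_day: bool
    rejected: bool = False


# Constructed sample feed; vendors and scores are fictitious.
SAMPLE = [
    Advisory("SA-001", "VendorA", 5, 9.8, 40, True, True),
    Advisory("SA-002", "VendorA", 3, 7.5, 0, True, False),
    Advisory("SA-003", "VendorA", 2, 5.3, 12, False, False),
    Advisory("SA-004", "VendorB", 5, 8.8, 70, True, False),
    Advisory("SA-005", "VendorB", 4, 7.8, 0, False, False),
    Advisory("SA-006", "VendorC", 1, 3.3, 0, True, False, rejected=True),
    Advisory("SA-007", "VendorC", 4, 8.1, 0, True, False),
]


def active(advisories):
    """Drop rejected advisories; every statistic below is computed on these."""
    return [a for a in advisories if not a.rejected]


def vendor_summary(advisories):
    """Per-vendor count, average criticality and average CVSS,
    sorted by number of advisories (descending), then vendor name."""
    groups = defaultdict(list)
    for a in active(advisories):
        groups[a.vendor].append(a)
    rows = [
        {
            "vendor": vendor,
            "advisories": len(items),
            "avg_criticality": round(mean(a.criticality for a in items), 2),
            "avg_cvss": round(mean(a.cvss for a in items), 2),
        }
        for vendor, items in groups.items()
    ]
    rows.sort(key=lambda r: (-r["advisories"], r["vendor"]))
    return rows


def criticality_spread(advisories, include_rejected=False):
    """Count of advisories per criticality level, optionally keeping rejected ones."""
    items = advisories if include_rejected else active(advisories)
    return dict(Counter(a.criticality for a in items))


def remote_share(advisories):
    """Percentage of active advisories that are exploitable from remote."""
    items = active(advisories)
    if not items:
        return 0.0
    return round(100.0 * sum(a.remote for a in items) / len(items), 1)


def triage(advisories):
    """Split active advisories into patch tiers:
    emergency  - zero-day or Extremely Critical (patch outside the regular cycle)
    exploited  - positive threat score (linked to malware / exploits)
    remote     - remotely exploitable but none of the above
    routine    - everything else, handled in the normal patch cycle."""
    tiers = {"emergency": [], "exploited": [], "remote": [], "routine": []}
    for a in active(advisories):
        if a.zero_day or a.criticality == 5:
            tiers["emergency"].append(a.advisory_id)
        elif a.threat_score > 0:
            tiers["exploited"].append(a.advisory_id)
        elif a.remote:
            tiers["remote"].append(a.advisory_id)
        else:
            tiers["routine"].append(a.advisory_id)
    return {tier: sorted(ids) for tier, ids in tiers.items()}


if __name__ == "__main__":
    for row in vendor_summary(SAMPLE):
        print(row)
    print("spread (all):     ", criticality_spread(SAMPLE, include_rejected=True))
    print("spread (active):  ", criticality_spread(SAMPLE))
    print("remote share:     ", remote_share(SAMPLE), "%")
    print("patch tiers:      ", triage(SAMPLE))
```

Filtering out rejected advisories before averaging matters: a rejected low-criticality entry (SA-006 above) would otherwise drag a vendor's average down and add a level-1 bucket to the spread that no longer reflects real exposure.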
A complete list of vulnerabilities, affected versions, criticality, threat scores, and relevant patch information is available in the Software Vulnerability Research and Software Vulnerability Manager solutions from Flexera.